Data of 14 million Careem users stolen in cyberattack

Careem announced today that it was the victim of a cyber-attack that compromised the data of its clients and employees.

Dear Customers, we have identified a cyber incident that took place in January 2018 involving unauthorized access to the system we use to store data. Our wider security protocol keep passwords encrypted and credit card details on a separate system. pic.twitter.com/rkcpf671ct

The company said in a message that the attack was detected on January 14, at a time when the app had 14 million users in the Middle East, North Africa, Pakistan and Turkey.

“We became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date (January 14) are not affected,” it said.

Few weeks ago, Daniyal Nasir from Karachi, Pakistan diged into the Careem Application to test for the security issues and found the most critical vulnerabilities in their applications by which he was able to access over 1.4 million customer’s confidential information of Careem.

He was able to get all the Information of Careem includes all the Driver’s Email, Name, Mobile Number, ID CardNumber, Trips, Payment Information, even their Pictures. Not only drivers, but also the details of all the Cars registered in Careem even their Car Registration Number.

Daniyal Nasir tried to reach the Careem appropriate team to discuss about these vulnerabilities but he received no response other than a generic reply.

In the past the data of PakWheels and Zameen users were also compromised and made available online.